* Thu Dec 12 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.17-1
- Update samba-bgqd policy Resolves: RHEL-69512 - Allow samba-bgqd read cups config files Resolves: RHEL-69512 - Allow virtqemud additional permissions for tmpfs_t blk devices Resolves: RHEL-61235 - Allow virtqemud rw access to svirt_image_t chr files Resolves: RHEL-61235 - Allow virtqemud rw and setattr access to fixed block devices Resolves: RHEL-61235 - Label /etc/mdevctl.d/scripts.d with bin_t Resolves: RHEL-39893 - Fix the /etc/mdevctl\.d(/.*)? regexp Resolves: RHEL-39893 - Allow virtnodedev watch mdevctl config dirs Resolves: RHEL-39893 - Make mdevctl_conf_t member of the file_type attribute Resolves: RHEL-39893 - Label /etc/mdevctl.d with mdevctl_conf_t Resolves: RHEL-39893 - Allow virtqemud relabelfrom virt_log_t files Resolves: RHEL-48236 - Allow virtqemud_t relabel virtqemud_var_run_t sock_files Resolves: RHEL-48236 - Allow virtqemud relabelfrom virtqemud_var_run_t dirs Resolves: RHEL-48236 - Allow svirt_tcg_t read virtqemud_t fifo_files Resolves: RHEL-48236 - Allow virtqemud rw and setattr access to sev devices Resolves: RHEL-69128 - Allow virtqemud directly read and write to a fixed disk Resolves: RHEL-61235 - Allow svirt_t the sys_rawio capability Resolves: RHEL-61235 - Allow svirt_t the sys_rawio capability Resolves: RHEL-61235 - Allow virtqemud connect to sanlock over a unix stream socket Resolves: RHEL-44352 - allow gdm and iiosensorproxy talk to each other via D-bus Resolves: RHEL-70850 - Allow sendmail to map mail server configuration files Related: RHEL-54014 - Allow procmail to read mail aliases Resolves: RHEL-54014 - Grant rhsmcertd chown capability & userdb access Resolves: RHEL-68481
This commit is contained in:
parent
bfa35b4ec0
commit
a789dba85b
48
changelog
48
changelog
@ -1,3 +1,51 @@
|
|||||||
|
* Thu Dec 12 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.17-1
|
||||||
|
- Update samba-bgqd policy
|
||||||
|
Resolves: RHEL-69512
|
||||||
|
- Allow samba-bgqd read cups config files
|
||||||
|
Resolves: RHEL-69512
|
||||||
|
- Allow virtqemud additional permissions for tmpfs_t blk devices
|
||||||
|
Resolves: RHEL-61235
|
||||||
|
- Allow virtqemud rw access to svirt_image_t chr files
|
||||||
|
Resolves: RHEL-61235
|
||||||
|
- Allow virtqemud rw and setattr access to fixed block devices
|
||||||
|
Resolves: RHEL-61235
|
||||||
|
- Label /etc/mdevctl.d/scripts.d with bin_t
|
||||||
|
Resolves: RHEL-39893
|
||||||
|
- Fix the /etc/mdevctl\.d(/.*)? regexp
|
||||||
|
Resolves: RHEL-39893
|
||||||
|
- Allow virtnodedev watch mdevctl config dirs
|
||||||
|
Resolves: RHEL-39893
|
||||||
|
- Make mdevctl_conf_t member of the file_type attribute
|
||||||
|
Resolves: RHEL-39893
|
||||||
|
- Label /etc/mdevctl.d with mdevctl_conf_t
|
||||||
|
Resolves: RHEL-39893
|
||||||
|
- Allow virtqemud relabelfrom virt_log_t files
|
||||||
|
Resolves: RHEL-48236
|
||||||
|
- Allow virtqemud_t relabel virtqemud_var_run_t sock_files
|
||||||
|
Resolves: RHEL-48236
|
||||||
|
- Allow virtqemud relabelfrom virtqemud_var_run_t dirs
|
||||||
|
Resolves: RHEL-48236
|
||||||
|
- Allow svirt_tcg_t read virtqemud_t fifo_files
|
||||||
|
Resolves: RHEL-48236
|
||||||
|
- Allow virtqemud rw and setattr access to sev devices
|
||||||
|
Resolves: RHEL-69128
|
||||||
|
- Allow virtqemud directly read and write to a fixed disk
|
||||||
|
Resolves: RHEL-61235
|
||||||
|
- Allow svirt_t the sys_rawio capability
|
||||||
|
Resolves: RHEL-61235
|
||||||
|
- Allow svirt_t the sys_rawio capability
|
||||||
|
Resolves: RHEL-61235
|
||||||
|
- Allow virtqemud connect to sanlock over a unix stream socket
|
||||||
|
Resolves: RHEL-44352
|
||||||
|
- allow gdm and iiosensorproxy talk to each other via D-bus
|
||||||
|
Resolves: RHEL-70850
|
||||||
|
- Allow sendmail to map mail server configuration files
|
||||||
|
Related: RHEL-54014
|
||||||
|
- Allow procmail to read mail aliases
|
||||||
|
Resolves: RHEL-54014
|
||||||
|
- Grant rhsmcertd chown capability & userdb access
|
||||||
|
Resolves: RHEL-68481
|
||||||
|
|
||||||
* Fri Nov 29 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.16-1
|
* Fri Nov 29 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.16-1
|
||||||
- Fix the file type for /run/systemd/generator
|
- Fix the file type for /run/systemd/generator
|
||||||
Resolves: RHEL-68313
|
Resolves: RHEL-68313
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
# github repo with selinux-policy sources
|
# github repo with selinux-policy sources
|
||||||
%global giturl https://github.com/fedora-selinux/selinux-policy
|
%global giturl https://github.com/fedora-selinux/selinux-policy
|
||||||
%global commit 3f0002adb63d7da7f8dcb203925b9ba6d10301c3
|
%global commit 78847c4bcc0b30d4f89ac04004934a95c57bcd35
|
||||||
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
%global shortcommit %(c=%{commit}; echo ${c:0:7})
|
||||||
|
|
||||||
%define distro redhat
|
%define distro redhat
|
||||||
@ -17,7 +17,7 @@
|
|||||||
%define CHECKPOLICYVER 3.2
|
%define CHECKPOLICYVER 3.2
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 40.13.16
|
Version: 40.13.17
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPL-2.0-or-later
|
License: GPL-2.0-or-later
|
||||||
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
|
||||||
|
4
sources
4
sources
@ -1,3 +1,3 @@
|
|||||||
SHA512 (selinux-policy-3f0002a.tar.gz) = 51b525de3f63b3a9e2a2394826fd7bad0e32b22fc8a0b2cdd53d7580d2f07382732e20f4e8a0535acafb777f41b473fb9ed04f7927c11e25273f3861baf6d6a9
|
SHA512 (selinux-policy-78847c4.tar.gz) = 76d87a323225bf68a212801f3ceba8a70070080793144006dbc7b3e88eae46a9a9b63c3f0e2a9fe823be6fc5fc8bcf6b996f5e21242a2b46747471ccca317ab1
|
||||||
|
SHA512 (container-selinux.tgz) = af2b1c6e9aa6762e6dd388d1ca5568f067f715514335c8b70400fc1282979f2a377c6797c9d43ceaccf17caa45a52b9d39e9d3a425286209f0be250bcaf71ae9
|
||||||
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
|
||||||
SHA512 (container-selinux.tgz) = 1211d3b8da0d12e15d3757d40a256ccd1fb786c895d051cd91d5f4725b1ea30bbdaa20e8a5fd2c8130b9cd1711f9784670b05e0883840e297755841f5a309903
|
|
||||||
|
Loading…
Reference in New Issue
Block a user